[Git][security-tracker-team/security-tracker][master] automatic update

Mon Jan 11 08:12:10 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
beafc1aa by security tracker role at 2021-01-11T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2021-3123
+	RESERVED
+CVE-2021-3122
+	RESERVED
+CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
+	TODO: check
+CVE-2021-3120
+	RESERVED
+CVE-2021-3119
+	RESERVED
+CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+	TODO: check
+CVE-2021-3117
+	RESERVED
+CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...)
+	TODO: check
+CVE-2021-3115
+	RESERVED
+CVE-2021-3114
+	RESERVED
+CVE-2021-23834
+	RESERVED
+CVE-2021-23833
+	RESERVED
+CVE-2021-23832
+	RESERVED
+CVE-2021-23831
+	RESERVED
+CVE-2021-23830
+	RESERVED
+CVE-2021-23829
+	RESERVED
+CVE-2021-23828
+	RESERVED
+CVE-2021-23827
+	RESERVED
+CVE-2021-23826
+	RESERVED
 CVE-2021-23825
 	RESERVED
 CVE-2021-23824
@@ -5874,24 +5912,24 @@ CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the in
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-35727
-	RESERVED
-CVE-2020-35726
-	RESERVED
-CVE-2020-35725
-	RESERVED
-CVE-2020-35724
-	RESERVED
-CVE-2020-35723
-	RESERVED
-CVE-2020-35722
-	RESERVED
-CVE-2020-35721
-	RESERVED
-CVE-2020-35720
-	RESERVED
-CVE-2020-35719
-	RESERVED
+CVE-2020-35727 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35726 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35725 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35724 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35723 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35722 (** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Ques ...)
+	TODO: check
+CVE-2020-35721 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35720 (** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8 ...)
+	TODO: check
+CVE-2020-35719 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
 CVE-2020-35718
 	RESERVED
 CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with resultant Rem ...)
@@ -9940,14 +9978,14 @@ CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass P
 	NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
 CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
 	NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
-CVE-2020-35206
-	RESERVED
-CVE-2020-35205
-	RESERVED
-CVE-2020-35204
-	RESERVED
-CVE-2020-35203
-	RESERVED
+CVE-2020-35206 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
+	TODO: check
+CVE-2020-35205 (** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in  ...)
+	TODO: check
+CVE-2020-35204 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+	TODO: check
+CVE-2020-35203 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
+	TODO: check
 CVE-2020-35202 (Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql  ...)
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35201 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beafc1aaf25c59b783266991552f80ec05da743f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/beafc1aaf25c59b783266991552f80ec05da743f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210111/053f0699/attachment.html>
